[4182] in bugtraq
ANNOUNCE Security patches for INN (pre-1.5.1 versions).
daemon@ATHENA.MIT.EDU (Jared Mauch)
Mon Mar 17 19:17:19 1997
Date: Mon, 17 Mar 1997 18:42:01 -0500
Reply-To: Jared Mauch <jared@PUCK.NETHER.NET>
From: Jared Mauch <jared@PUCK.NETHER.NET>
To: BUGTRAQ@NETSPACE.ORG
There have been about 10 attacks from different folks that
I've noticed in the past 72 hours from folks.
The other solution is just to comment out all of your
control.ctl file for this problem. You can find the hacks posted
elsewhere, but you should upgrade if you have not already, or at
least apply the patches.
- Jared Mauch
----- Forwarded message from James A. Brister -----
From owner-inn-announce-outgoing@vix.com Mon Mar 17 18:38:09 1997
Message-Id: <199703172022.VAA22641@velo.pp.vix.com>
From: inn@isc.org (James A. Brister)
To: inn-announce@vix.com
Cc: inn@isc.org
Reply-To: inn@isc.org
Subject: ANNOUNCE Security patches for INN (pre-1.5.1 versions).
Organization: Internet Software Consortium
Date: Mon, 17 Mar 1997 21:22:15 +0100
Sender: owner-inn-announce@vix.com
Precedence: bulk
As you may have heard, a security hole in INN has been the subject
of some forged control messages, which try to gather password file
contents.
I recommend running 1.5.1, but if you're running a pre-1.5.1 version
of INN, then please go look at our web page http://www.isc.org/inn.html
or the ftp site ftp://ftp.isc.org/isc/inn/patches for patches to
1.4sec, 1.4unoff3, 1.4unoff4 and 1.5 to correct this.
Thanks
James
--
James Brister brister@vix.com
Internet Software Consortium http://www.isc.org inn@isc.org
----- End of forwarded message from James A. Brister -----
--
To err is human, to forgive is Not Company Policy.
--
Jared Mauch - CICNet - jared@cic.net - http://www.cic.net/ - visit my personal
page at http://puck.nether.net/~jared/
